Challenges to Overcome in Digital Forensics

IoT Forensics is a rapidly growing subject within Digital Forensics. Due to the security challenges inherent in the IoT ecosystem, the demand for IoT forensics is growing daily.

FREMONT, CA: The Internet of Things (IoT) impacts every aspect of lives, from how people react to how they behave. The IoT's fundamental components are data-gathering devices. All of this is accomplished through the use of sensors. Every electronic equipment contains sensors. It's in electrical appliances, mobile phones, intelligent virtual assistants, and nearly everything else people come into contact with daily.

The data acquired from all devices is transmitted to the cloud via a communication channel such as cellular networks, WiFi, Bluetooth, or satellite networks, among others.

Once the data reaches the cloud, it begins to be analyzed. Data processing might be as simple as determining the footfall taken or as complex as identifying an object in video footage, depending on the data collected by the sensor.

The final component is the user interface. All data collected and evaluated must be made available to the end-user to act on it. Typically, this user interface is contained within a web browser or program.

Increased cybersecurity threats accompany the tremendous growth of the IoT sector. Recently, cyber threat actors have drastically expanded their attack matrix against IoT devices to assault, disrupt, and steal millions of users' data.

As a result, digital forensics investigators are critical in the rapidly growing subject of IoT forensics. They can harvest data from these sophisticated devices and create digital footprints that lead to criminal suspects.

Digital Forensic Investigators have numerous obstacles in locating the relevant source, collecting and conserving artifacts, and processing massive amounts of data to uncover key evidence. The following are the primary obstacles to overcome;

Identification: Identifying possible evidence in an IoT context might be difficult. Rather than being constrained to a single host or data center, data is scattered among multiple cloud services, network-attached storage units, cryptocurrency wallets, and online social networks, among others. As a result, digital forensics professionals encounter significant problems when seeking evidence. Even if the location is established, investigators may be unfamiliar with the IoT devices and supporting infrastructure.

Additionally, the resources may be subject to various countries, each having its own set of complex and sometimes inconsistent data protection and unauthorized intrusion legislation.

Acquiring and Preserving: When a potential source of evidence is found, the question becomes how to gather and preserve evidence from IoT devices, applications, IoT services, and IoT networks in a forensically sound manner. The primary issue is the battery life of IoT devices. In comparison to laptops and smartphones, most IoT devices have limited processing and storage capabilities. Certain IoT devices may lack a persistent memory containing user data and may have limited power, greatly limiting the duration of the device or even precluding live forensics. Data encryption can make evidence collection extremely difficult.

Analysis: The analysis of acquired evidence may be hampered by the medium it was acquired. At this stage of the inquiry, the primary concern is the volume of data that an IoT device may generate.

The amount of evidence gathered in IoT is substantially greater than in traditional digital forensics. At this point, the issue of privacy is critical. Collecting and analyzing evidence enables pieces of evidence to be pieced together and used to establish an individual's identity and conduct. That is advantageous if the subject of the investigation is a component of the identification. However, it is difficult to predict in advance. The data collected from an IoT system may contain a range of information about people who were not participating in the research.